Cloud Security Analyst at a agriculture with 1-10 employees
Real User
Top 5
2024-04-01T13:46:40Z
Apr 1, 2024
Integrating the Fortify Static Code Analyzer into our software development lifecycle was straightforward. It highlights important information beyond just syntax errors. It identifies issues like password credentials and access keys embedded in the code.
I like Fortify Software Security Center or Fortify SSC. Basically, this tool is installed on each developer's machine, but Fortify Software Security Center combines everything. We can meet there as security professionals and developers. The developers scan their code and publish the results there. We can then look at them from a security perspective and see whether they fixed the issues. We can agree on whether something is a false positive and make decisions.
I like the Fortify taxonomy as it provides us with a list of all of the vulnerabilities found. Fortify release updated rule packs quarterly, with accompanying documentation, that lets us know what new features are being released.
Learn what your peers think about Fortify Static Code Analyzer. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
Senior Architect at a healthcare company with 10,001+ employees
Real User
2022-04-10T11:12:13Z
Apr 10, 2022
Fortify Static Code Analyzer tells us if there are any security leaks or not. If there are, then it's notifying us and does not allow us to pass the DevOps pipeline. If it is finds everything's perfect, as per our given guidelines, then it is allowing us to go ahead and start it, and we are able to deploy it.
Its flexibility is most valuable. It is such a flexible tool. It can be implemented in a number of ways. It can do anything you want it to do. It can be fully automated within a DevOps pipeline. It can also be used in an ad hoc, special test case scenario and anywhere in between.
Fortify Static Code Analyzer (SCA) utilizes numerous algorithms in addition to a dynamic intelligence base of secure coding protocols to investigate an application’s source code for any potential risk of malicious or dangerous threats. Additionally, the solution will prioritize the most critical concerns and give direction on how users can repair those concerns. This solution researches each and every potential route that workflow and data can travel to discover and repair all possible...
Integrating the Fortify Static Code Analyzer into our software development lifecycle was straightforward. It highlights important information beyond just syntax errors. It identifies issues like password credentials and access keys embedded in the code.
Automating the Jenkins plugins and the build title is a big plus.
You can really see what's happening after you've developed something.
I like Fortify Software Security Center or Fortify SSC. Basically, this tool is installed on each developer's machine, but Fortify Software Security Center combines everything. We can meet there as security professionals and developers. The developers scan their code and publish the results there. We can then look at them from a security perspective and see whether they fixed the issues. We can agree on whether something is a false positive and make decisions.
The integration Subset core integration, using Jenkins is one of the good features.
I like the Fortify taxonomy as it provides us with a list of all of the vulnerabilities found. Fortify release updated rule packs quarterly, with accompanying documentation, that lets us know what new features are being released.
Fortify Static Code Analyzer tells us if there are any security leaks or not. If there are, then it's notifying us and does not allow us to pass the DevOps pipeline. If it is finds everything's perfect, as per our given guidelines, then it is allowing us to go ahead and start it, and we are able to deploy it.
We write software, and therefore, the most valuable aspect for us is basically the code analysis part.
Its flexibility is most valuable. It is such a flexible tool. It can be implemented in a number of ways. It can do anything you want it to do. It can be fully automated within a DevOps pipeline. It can also be used in an ad hoc, special test case scenario and anywhere in between.